Access of objects to resources, such as software applications, web services, physical containers or even facilities, is becoming increasingly difficult to manage via access control lists (ACLs) or group policies. An “object” typically represents a person or thing seeking resource access. ACLs usually grant resource access by evaluating an object's name or unique identifier and comparing it to a pre-approved list. If an object, such as a user, is re-assigned, changes clearance, or is promoted, access to resources should also change. Currently, ACL resource managers (RMs) must evaluate personnel records to determine resource access. Such a task can become time-consuming and inefficient as the number of personnel and resources within an organization grows. Limited access to personnel records by RMs could compound the problem.
Another limitation of ACLs and group policies is their inability to respond accurately and quickly to constantly changing environmental statuses. Homeland Security and regional Information Assurance (IA) agencies are authorized to impose security levels (environmental conditions) within their jurisdiction. Access to a wide range of resources by many objects should be affected at the precise time a security level (environmental status) changes. Sudden changes in security conditions may not allow sufficient time to modify an ACL or group, thereby creating possible security breaches through unauthorized resource access. Finer granularity of resource access may be required during certain security conditions.
In addition to the above features, an RM may also find it beneficial to establish a policy that forces the object to make a set of selections or provide information, the result of which can then be compared with the policy conditions to either grant or deny resource access. Conditioning access based upon information dynamically obtained from an object provides for a greater level of resource security.
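The contrast drawn in the paragraphs above, as an added example that is not part of the original text: a static identifier lookup next to a check that evaluates the object's current attributes, the current security level, and information the object supplies. The resource name, attribute names, level names and the `Policy` structure are all assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed sample data: resource names, attributes and levels are assumptions.
ACL = {"server-room": {"alice", "bob"}}  # static list keyed by identifier


@dataclass
class Policy:
    departments: frozenset       # attribute condition on the object
    clearance_by_level: dict     # environmental status -> minimum clearance
    allowed_purposes: frozenset  # condition on information the object supplies


POLICIES = {
    "server-room": Policy(
        departments=frozenset({"ops"}),
        clearance_by_level={"NORMAL": 1, "ELEVATED": 2, "SEVERE": 3},
        allowed_purposes=frozenset({"maintenance", "incident-response"}),
    )
}


def acl_check(object_id, resource):
    """Identifier lookup only: blind to role changes and security level."""
    return object_id in ACL.get(resource, set())


def policy_check(attrs, resource, security_level, answers):
    """Evaluate current attributes, environment and supplied answers; default deny."""
    policy = POLICIES.get(resource)
    if policy is None:
        return False
    required = policy.clearance_by_level.get(security_level)
    if required is None:  # unknown environmental status: fail closed
        return False
    return (
        attrs.get("department") in policy.departments
        and attrs.get("clearance", 0) >= required
        and answers.get("purpose") in policy.allowed_purposes
    )


if __name__ == "__main__":
    alice = {"department": "ops", "clearance": 2}
    ask = {"purpose": "maintenance"}
    print(acl_check("alice", "server-room"), policy_check(alice, "server-room", "NORMAL", ask))
    # Security level is raised: the ACL answer is unchanged, the policy answer is not.
    print(acl_check("alice", "server-room"), policy_check(alice, "server-room", "SEVERE", ask))
    # Reassignment changes the attribute record; the ACL entry is now stale.
    alice["department"] = "sales"
    print(acl_check("alice", "server-room"), policy_check(alice, "server-room", "NORMAL", ask))
```

In each of the last two cases the ACL lookup still grants access because nobody has edited the list, while the policy check denies it as soon as the security level or the attribute record changes.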
An access control system having the above-identified capabilities is non-existent in the art and is highly desirable.